3.7 Example 7: Group Policy Client Cannot Connect to the Group Policy Server When Applying Policy

The examples in this section describe the message sequences during policy application that end in failure as a result of a lost connection with the Group Policy server. The following two scenarios are:

This example maps to the use case specified in Applying Group Policy — Group Policy client (section 2.5.2).

Prerequisites

The following prerequisites apply to the examples in this section:

  • The Group Policy server stores policy and responds to requests from the Group Policy client.

  • The Group Policy client maintains a consistent configuration of policy information that is retrieved from the Group Policy server, which includes registry settings, WMI data, and RSoP data.

  • The Group Policy administrator ensures that the Group Policy client policy configuration aligns with business requirements.

  • The Group Policy client has discovered the Group Policy server and established a connection with Active Directory, as described in [MS-GPOL] section 3.2.5.1.1.

  • The Group Policy client has sent an LDAP BindRequest message, as described in [RFC2251] section 4.2, to the Group Policy server and the Group Policy server has replied with an LDAP BindResponse message, as described in [RFC2251] section 4.2.3.

  • For the failure to contact Group Policy file share scenario, it is assumed that the Group Policy file share resides on the Group Policy server.

Initial System State

The initial state of the Group Policy protocols corresponds to the previously specified prerequisites.

Final System State

The state of the Group Policy protocols and components after execution of each example in this section can be described as follows:

  • The state of the Group Policy protocols and components is unchanged.

Sequence of Events for Active Directory Contact Failure

The following diagram shows the message sequence that occurs when the Group Policy client fails to connect with Active Directory:

Group Policy client applying policy cannot connect with Active Directory

Figure 18: Group Policy client applying policy cannot connect with Active Directory

The message sequence for this example is described as follows:

  1. The Group Policy client sends an LDAP search query, as described in [RFC2251] section 4.5.1, to the Group Policy server to request Group Policy information.

  2. The Group Policy client does not receive a response from the Group Policy server within the time-out interval.

Sequence of Events for Group Policy File Share Contact Failure

The following diagram shows the message sequence that occurs when the Group Policy client fails to connect with the Group Policy file share.

Group Policy client applying policy cannot connect with the Group Policy file share

Figure 19: Group Policy client applying policy cannot connect with the Group Policy file share

The message sequence for this example is described as follows:

  1. The Group Policy client sends an LDAP search query, as described in [RFC2251] section 4.5.1, to the Group Policy server to request Group Policy information.

  2. The Group Policy client receives an LDAP response from the Group Policy server.

  3. The Group Policy client sends a File Open request via a file access protocol to the Group Policy server.

  4. The Group Policy client does not receive a response from the Group Policy server within a specified time-out interval.